Solid-state storage subsystem security solution

A solid-state storage subsystem, such as a non-volatile memory card or drive, includes a main memory area that is accessible via standard memory access commands (such as ATA commands), and a restricted memory area that is accessible only via one or more non-standard commands. The restricted memory area stores information used to control access to, and/or use of, information stored in the main memory area. As one example, the restricted area may store one or more identifiers, such as a unique subsystem identifier, needed to decrypt an executable or data file stored in the main memory area. A host software component is configured to retrieve the information from the subsystem's restricted memory area, and to use the information to control access to and/or use of the information in the main memory area.

Skip to: Description  ·  Claims  ·  References Cited  · Patent History  ·  Patent History
Description
CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a division of U.S. patent application Ser. No. 11/475,841, filed Jun. 27, 2006, the disclosure of which is hereby incorporated by reference in its entirety.

BACKGROUND

1. Field of the Invention

The present invention relates to solid-state storage subsystems. More specifically, the present invention relates to restricting access to, and controlling the use of, software and data stored by a solid-state storage subsystem.

2. Description of the Related Art

Solid-state storage subsystems are used to store a wide variety of software and information. For example, a solid-state memory subsystem such as an advanced technology attachment (“ATA”) flash disk or a removable flash memory card may store information susceptible to theft, including, for example, executable code, trade secrets, financial data, security information, military information, credit card information, or other information that a user or vendor desires to keep restricted.

Conventional approaches to reducing unauthorized access to software stored on a solid-state memory subsystem typically rely on restricting access to certain individuals. Conventional systems often use identification information, such as a login and a password or a fingerprint, to grant access to software stored on the memory subsystem. One problem with such an approach is that an authorized user of the solid-state memory subsystem can use the software in an unauthorized way. For example, a user who has access to a memory subsystem with software may only have authorization to install that software on one client system, but, because he has access to the subsystem, may install the software on multiple, unauthorized client systems. Furthermore, an unauthorized user may be able to obtain the authorized user's access codes and thus gain access to the memory subsystem. A skilled user may also be able to remove the authorization requirement, or “crack” the access code, and gain access to the subsystem.

SUMMARY

Thus, it would be advantageous to develop system and method for restricting access to solid-state storage subsystems that is not dependent, or solely dependent, upon the identity or access credentials of the user.

One embodiment of the invention is a solid-state storage subsystem, such as a non-volatile memory card or drive, that includes a main memory area that is accessible via standard memory access commands (such as ATA commands), and a restricted memory area that is accessible only via one or more non-standard commands. Other embodiments may include other storage subsystems, such as hard disk drives or hybrid hard drives, that contain a restricted memory area accessible via one or more non-standard commands. The restricted memory area stores information used to control access to, and/or use of, information stored in the main memory area. As one example, the restricted area may store one or more identifiers, such as a unique subsystem identifier, needed to decrypt an executable or data file stored in the main memory area. As another example, the restricted area may store an identifier, such as a subsystem or subsystem type identifier, that is verified by a host computing device before read access is granted to the main memory area.

A host software component that runs on the host computing device is configured to retrieve the information from the subsystem's restricted memory area using one or more non-standard commands, and to use this information to control access to and/or use of the information in the main memory area. For example, the host component may use this information to decrypt a file stored in the storage subsystem's main memory, and/or may verify the retrieved information before granting access to the subsystem's main memory area. The host component (and thus the host computing device) may be specially configured to work only with a storage subsystem containing a particular unique subsystem identifier, or a particular subsystem-type identifier, in its restricted area.

In some embodiments, the host component may also be configured to identify the host to the storage subsystem. The storage subsystem may in turn compare the host's identifier to an expected value before granting access to the subsystem's main memory. By allowing both systems to identify one another, a one-to-one pairing may be created between the two systems such that either of the systems may only be used with the other.

Neither this summary nor the following detailed description purports to define the invention. The invention is defined by the claims.

BRIEF DESCRIPTION OF THE DRAWINGS

Systems and methods which embody the various features of the invention will now be described with reference to the following drawings, in which:

FIG. 1 is a block diagram illustrating a host system linked to a solid-state storage subsystem according to an embodiment of the invention;

FIGS. 2A and 2B illustrate a sample process for pairing a storage subsystem with a host system using a master system

FIG. 3 illustrates a sample process for protecting access to software when a solid-state storage subsystem is engaged with a host system;

FIG. 4 illustrates an exemplary data register containing access identification strings according to an embodiment of the invention; and

FIG. 5 illustrates an exemplary data structure for a read key command according to an embodiment of the invention.

 DETAILED DESCRIPTION OF SPECIFIC EMBODIMENTS

In the following description, reference is made to the accompanying drawings which show, by way of illustration, specific embodiments and applications of the invention. Where possible, the same reference numbers are used throughout the drawings to refer to the same or like components. In some instances, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure. The present invention, however, may be practiced without the specific details or with certain alternative equivalent components and methods to those described herein. In other instances, well-known components and methods have not been described in detail so as not to unnecessarily obscure aspects of the present disclosure.

In one embodiment of the invention, a solid-state storage subsystem, which may be in the form of a detachable device, includes a restricted memory area that is accessible only via non-standard commands, such as vendor-specific commands supported by the ATA interface standard. The restricted memory area preferably stores a unique identifier of the solid-state storage subsystem, and/or stores information that identifies its brand or type. Some or all of this information may be written to the restricted memory area during the manufacture or initialization of the subsystem, and may be stored in read-only form. A host computer system uses this information to implement an access control policy for controlling access to other information stored in the subsystem, such as data and/or executable code stored in a main or “user data” memory area. The access control policy may be implemented in-whole or in-part via special driver software executed by the host.

Various types of access control policies may be implemented using the information stored in the restricted area. For example, the host system may ensure that it is communicating with a certain unique solid-state storage subsystem, or a certain brand or type of solid-state storage subsystem, before granting access to the main or “user data” memory area of the subsystem. The access control policy may, in some embodiments, involve the generation of encryption/decryption keys for accessing subsystem's user data area.

As one example, a vendor of software may initially send a kit including a handheld computing system and a solid-state storage subsystem containing a unique identification string. The handheld system may be configured to run executable software only from a solid-state storage subsystem that contains the unique string. If the vendor releases a new version of the executable software, the vendor may send another solid-state storage subsystem with the updated software and the same identification string to the customer. The customer may then replace the old solid-state storage subsystem connected to the handheld system with the new one. Furthermore, the software may be stored in the subsystem in an encrypted form, so that it cannot be executed by other host systems.

The host system may, in some embodiments, also be configured (e.g., via the driver software) to identify itself to the solid-state storage subsystem. The solid-state storage subsystem may thus identify the host system, and the host system may likewise identify the solid-state storage subsystem using the string. By allowing both systems to identify each other, a one-to-one pairing may be created between the two systems such that each system may only be used with the other.

FIG. 1 is a diagram illustrating one embodiment of the invention. A host computer system 110, which may, for example, be a Personal Computer or a Personal Digital Assistant, is connected to a solid-state storage subsystem 112 (hereinafter “subsystem 112” or “storage subsystem 112”). The subsystem 112 may, for example, be in the form of a solid-state memory card or drive that plugs into a PCMCIA, USB, Firewire, or other slot or port of the host system 110. In this particular embodiment, the restricted, non-volatile memory area 119 of the subsystem stores two strings 130, 132, one of which identifies a type or brand of the subsystem, and the other which contains a unique identifier of the subsystem 112. Other numbers of strings, and/or other types of information, may additionally or alternatively be stored in the restricted area 119. As one example, the string or strings may contain an identifier of a type of application program stored on the subsystem 112.

The restricted memory area 119, and thus the strings 130, 132, are preferably accessible only via one or more vendor-specific commands, and thus are not exposed to the host's operating system. Stated differently, the standard memory access command codes used to access the subsystem's “user data” memory area do not provide access to the restricted area 119. In one embodiment, the strings are stored in a restricted 512-byte block of the subsystem's non-volatile memory array; however, the strings may be stored in any type of non-volatile storage, including register storage that is separate from the subsystem's non-volatile memory array.

The subsystem 112 is also shown with a device-specific file 140 stored in its main memory area. This file may contain executable code, data or both, and may but need not be encrypted. If the file 140 is encrypted, the encryption method is preferably based partly or wholly on the one or both of the strings 130, 132, stored in the restricted area 119. As one example, the file may be an executable file that is distributed via the subsystem 112, and that is encrypted based on the subsystem's unique identifier. Although a single file 140 is shown, any number of such files may be stored on the subsystem.

The host system 110 executes software, such as a driver 113, that is configured to use the vendor-specific command or commands to retrieve a block of data from the restricted area 119, and to extract the strings 130, 132 therefrom. The driver/host may use one or both strings to determine whether to enable one or more host applications 115 to access the subsystem 112. The host/driver may also use one or both strings as, or to generate, encryption/decryption keys for accessing the subsystem 112. The driver 113 may communicate with, or be part of, one or more software applications 115 that are specifically configured to use the storage subsystem 112. The driver 113 may also execute one or more software applications 115 executed directly from the storage subsystem 112. The driver 113 preferably includes functionality for using information read from the subsystem's restricted memory area 119 to control access or use of the device-specific file. For instance, the driver 113 may be configured to decrypt the file 140 using information read from the restricted area 119.

As another form of access control, the driver 113 may additionally or alternatively be configured to compare a value read from the restricted area 119 to an expected value. This expected value may be partially or wholly hard coded in the driver 113 in an obfuscated form, and/or may consist of or include a user-entered password entered via the host system each time the subsystem is used. The driver 113 may grant subsequent access to the subsystem 112 only if a match occurs.

A vendor of software on the host system 110 may decide to restrict access to software stored on the solid-state storage subsystem 112. For example, the vendor may want to restrict unauthorized access to the software when there is a significant likelihood that software on the subsystem 112 may not be used with the appropriate host system 110 or type of host system.

FIGS. 2A and 2B illustrate a sample process for pairing a storage subsystem 112 as described above with a host system 110 using a master system 108. The master system 108 may be controlled by a software vendor desiring software protection capabilities. Once the pairing has been created, the vendor may send the host system 110 and the subsystem 112 to a customer. The flow diagram shown in FIG. 2A is applicable both to the two-string embodiment shown in FIG. 1, and to embodiments that use other numbers of strings.

First, in step 201, a subsystem 112 (solid-state storage subsystem) containing one or more strings as described above is connected to the master system 108. Next, in step 202 the master system 108 sends a vendor specific “read key” command (500 in FIG. 5) to the subsystem 112. In response, in step 203 the subsystem's controller 114 retrieves the block of data containing the identification string(s). The controller 114 then extracts the identification string(s) from the data block and sends a command in step 204 to the master system 108 indicating the read key command 500 was successful. Next, the master system 108 optionally generates an encryption key in step 205 using the retrieved string(s). The encryption key may be generated by encrypting the string(s), optionally together with other information such as a pass-code, password, or a serial number, using any appropriate encryption algorithm(s). In other embodiments, other unique identifiers may be used. Example encryption methods include symmetric key algorithms such as DES, IDEA, AES, RC2, RC4, Skipjack, cryptographic hash functions, and polyalphabetic substitution ciphers. The encryption method may alternatively be selected by a vendor that will be using the subsystem 112 to protect software. In yet further embodiments, the string or strings themselves may be used as or as part of the encryption key, without first being encrypted. The additional level of protection offered by the password may be established by any well known method in the art. Furthermore, the password data may be stored in the restricted memory area 119 on the subsystem 112.

In step 206, the master system 108 uses the encryption key generated from the string(s) 130, 132 to encrypt the software. Assuming the string(s) uniquely identify the subsystem 112, this step converts the software into a device specific file 140, since the software may only be decrypted using the string data stored on the subsystem 112. After encrypting the software, the master system 108 writes the device specific file 140 onto the subsystem 112 in step 207. The master system 108 may also copy the encryption key to the same protected area where the string data is stored, although this step may be omitted since the encryption key may be recreated using the string data and an optional pass-code. For example, the pass-code may be combined with the string data using any well known method to create an encryption key for the drive specific file 140. In certain embodiments, a pass-code may be generated when the drive specific file 140 is written onto the subsystem 112. In certain embodiments, the pass-code may be stored in the restricted area, while in other embodiments the pass-code may be stored in the general area in an encrypted format. The master system 108 may then connect to a host system 110 meant to accompany the subsystem 112 in step 208 in order to configure the host system 110 for use with the subsystem 112. As part of this process, the host system may, for example, be provided with a host-specific driver 113 that is configured to verify a portion of the string data read from the restricted memory area 119. The host-specific driver may also be encoded with unique information for generating the key from the retrieved string data.

In other embodiments, in order to ensure that a subsystem 12 only grants access to a unique host system 110, the host system 110 could “identify” itself to the subsystem 112 when the host system starts up. Furthermore, the host system can also send a unique identifier to the subsystem 112, which the subsystem 112 will then always look for when the host system 110 starts up whenever the host system 110 attempts to access the subsystem 112. In yet further embodiments, the unique identifier may be generated by the host system 110 at specified and/or random times, such as every N days or every Y days where Y is a value associated with a number of writes. The identifier may be stored in the restricted area and in addition to the two strings 130 and 132 may be used as a third piece of data required to grant access to the subsystem 112. In yet other embodiments, the generated identifier could replace the use of the two strings. In yet further embodiments, the generated identifier may be written in the unrestricted data area.

FIG. 3 illustrates a sample process for protecting access to software or other information when a subsystem 112 is engaged with a host system 110. In certain embodiments, the host system 110 may be configured to decrypt data from certain solid-state storage subsystems 112 with a certain string 130, as shown in FIG. 1. For example, a vendor may release a new version of software and may distribute the updated software on a subsystem 112 with an identical string 130 as a previous subsystem 112 sent to the owner of the host system 110. Furthermore, the vendor may want to restrict unauthorized access to the software when there is a significant likelihood that software on the subsystem 112 may not be used with the appropriate host system 110.

In step 301, the subsystem 112 is connected to the host system 110. The host system 110 then sends a read key command 500 to subsystem 112 in step 302. In response to the read key command 500, in step 303 the subsystem's controller 114 retrieves a data block containing identification string(s) 130 from the subsystem's 112 restricted memory area 119. According to step 304, if the appropriate data block is not found, the controller 114 informs the host system 110 that the command was unsuccessful (step 305) and consequently the host system 110 is unable to decrypt the device specific file 140 located on the solid-state storage system 112 that was encrypted using the string 130. On the other hand, if the appropriate data block is found, in step 307 the controller informs the host system 110 that the command 500 was successful and extracts the identification string(s) from the data block and returns them to the host system 110. In step 308, the host system then attempts to decrypt the device specific file 140 on the solid-state storage system 112 using the retrieved identification string, or a key generated therefrom. In embodiments where encryption is not used, the host system 110 may simply check to confirm the existence of the appropriate string or strings on the subsystem 112, and refuse subsequent access to the subsystem if the appropriate string data is not found.

In step 309, if the decryption is unsuccessful, for example because the string(s) retrieved from the solid-state storage system 112 is/are invalid, then the host system 110 will be unable to execute or otherwise use the device specific file 140 because the file 140 remains encrypted. On the other hand, if the decryption is successful, the host system 110 will be able to decrypt and execute (or otherwise use) the device specific file 140. In some embodiments, the host system 110 may only be capable of executing the drive specific file 140 directly from the subsystem, as opposed to first reading the file into an internal host memory.

The above-described methods may be used for a wide range of applications. For example, a voicemail system vendor may originally sell a host system 110 configured according to the processes illustrated in FIGS. 2 and 3 (that only runs software from a subsystem 112 connected to the host system 110) to a customer along with an accompanying subsystem 112 containing a unique string 130 in addition to voicemail software. The host system 110 may be configured by the vendor to only run software from a subsystem 112 containing the unique string 130. When the vendor needs to send an updated version of the software to the customer, the vendor may send a new subsystem 112 containing the same unique string 130 as well as the updated software. The customer may then detach the old subsystem 112 from the host system 110 with the old software and attach the new subsystem 112 with the new software. The host system 110 may first examine if the new subsystem 112 contains the correct string(s) in protected memory; if it does, then it can run the updated software. If the solid-state storage subsystem that is attached contains no string or an incorrect string, then the host system 110 will not run the software on the unauthorized new solid-state storage subsystem.

The processes described above protect software from unauthorized use. For example, a user may create copies of the subsystem 112 onto a different solid-state storage subsystem. The user will not, however, be able to copy the string(s) located in restricted physical memory of the subsystem 112. A host system 110 will still attempt to read the unique string(s) using the read key command 500, but will be unable to do so or will read invalid data from the copied subsystem. Consequently, the host software will refuse to read the software from the unauthorized solid-state storage subsystem, and/or will be unable to decrypt and execute such software. The vendor will thus protect itself from the use of unauthorized copies of its software.

Another feature of certain embodiments is that the vendor can ensure that only subsystems approved by the vendor are used with the host systems 110 provided. For example, in the embodiment shown in FIG. 1, the subsystem 112 contains two data strings 130, 132, where the first data string 130 identifies the brand of the subsystem 112 and the second data string 132 uniquely identifies the subsystem 112 itself. This embodiment enables a host system 110 to identify that a certain brand of subsystem 112 is attached to the host 110, thereby allowing the host system provider, such as a vendor, to control what type of subsystem 112 is used with the vendor's host system 110. This is important for host system 110 providers who wish to ensure that only certain brands of solid-state storage subsystems 112 are used with their host systems 110 as a way to manage their warranty and support costs.

If desired, the host may be configured to work only with a subsystem 112 containing a particular value in the second string 132 (i.e., the string that uniquely identifies the subsystem). To create a one-to-one pairing between a particular host 110 and a particular subsystem 110, the host system 110 may be configured to identify itself to the subsystem via a special command. The subsystem 112 may deny subsequent memory access requests if the host identifier does not match an expected value pre-programmed into the protected memory area of the subsystem 112. In other embodiments, the host system 110 could identify itself to the subsystem 112 when starting up and send a unique identifier to the subsystem 112 which the subsystem 112 would then always looks for upon the host system 110 starting up or whenever the host system attempts to access the subsystem 112. Similarly, the host may deny access to the subsystem, and/or be incapable of decrypting the software or information stored thereon, if the subsystem's unique identifier is invalid. This feature may be used by software providers to ensure not only that certain solid-state storage subsystems 112 are authorized for use with a unique host system 110, but also that only certain host systems 110 are authorized for use with a unique subsystem 112.

The embodiments described herein may advantageously be used with other subsystem 112 security systems. One example security system is a system that protects access to the contents of a flash drive by a password. By advantageously combining the security features of the embodiments disclosed herein with additional password protected security, a vendor may protect its software contents on the subsystem 112 using two levels of protection—string identification and password access. In certain embodiments, before a host system 110 verifies that a subsystem 112 is authorized for use with the host system 110, the subsystem 112 may require a correct password to be entered before the host system 110 can read the contents of, and/or write to, the subsystem 112. This additional level of protection provides for security against unauthorized access to the contents of the subsystem 112, such as to the device specific file, even with the proper host system/solid-state storage subsystem 110/112 combination. For example, if the appropriate host system/solid-state storage subsystem 110/112 combination is stolen, the password protection feature may inhibit the thief from accessing the contents of the subsystem 112.

The embodiments described herein may also be used with a subsystem 112 status monitoring system. One example status monitoring system is discussed in U.S. Pat. No. 7,653,778 filed on May 8, 2006 titled “Systems and Methods For Measuring the Useful Life of Solid-State Storage Devices,” the contents of which are hereby incorporated herein by reference in their entirety. By advantageously combining the security features of the embodiments disclosed herein with a utility that monitors the expected life of a subsystem 112, a host system 110 provider will be able to ensure not only that only certain approved subsystems 112 are used with host systems 110, but also that those subsystems have an adequate life remaining. Furthermore, a host system 110 provider can advantageously monitor the expected life of a subsystem 112 according to certain embodiments discussed herein, and when the expected life of the subsystem 112 is nearing completion, the host system 110 provider can send out a new subsystem 112 to the user with an identical string 130, so that the old subsystem 112 may be replaced with the new subsystem 112.

Some additional details of one embodiment of the system will now be described with reference to FIG. 1. The host system 110 may store software on the subsystem 112 and may provide operating system functionality and a boot process for the subsystem 112. The host system 110 includes a computer program represented in computer storage for generating command data that specifies authorization operations, write operations, and read operations as described herein. As discussed below, the read key command 500 verifies authorization to access a specific solid-state storage subsystem 112. The software may comprise, for example, a driver 113 configured to send the command data to the subsystem 112 to cause the storage subsystem 112 to perform the verification operation, the read operation and/or the write operation.

The subsystem or device 112 may comprise, for example, a solid-state memory card that plugs into a slot of the host system 110. In certain embodiments, the memory card complies with, but is not limited to, at least one of the following card specifications: CompactFlash, PCMCIA, SmartMedia, MultiMediaCard, SecureDigital, Memory Stick, ATA/ATAPI, PCI Express, PCI Mezzanine Card, and AdvancedTCA Mezzanine Card. The subsystem 112 may, for example, have a housing and signal interface that complies with one of the following specifications: sub 1 inch hard disk drive, 1.8 inch hard disk drive, 2.5 inch hard disk drive and 3.5 inch hard disk drive. A custom form factor and/or signal interface may alternatively be used.

The subsystem 112 comprises a controller 114 and a non-volatile memory (“NVM”) or solid-state storage 118. In one embodiment, the controller 114 executes a firmware program to performs processes as described herein and comprises an ATA flash disk controller available, for example, from Silicon Storage Technology, Inc. as part number SST55LD019A. The controller 114 may, however, be implemented using another type of subsystem, such as an application-specific integrated circuit (ASIC) or field-programmable gate array (FPGA) that does not execute firmware. The firmware executed by the controller 114 embodies functionality for implementing the features described herein, including providing access to the restricted memory area 119 via vendor-specific commands.

The solid-state storage 118 may comprise, for example, flash integrated circuits, Chalcogenide RAM (C-RAM), Phase Change Memory (PC-RAM or PRAM), Programmable Metallization Cell RAM (PMC-RAM or PMCm), Ovonic Unified Memory (OUM), Resistance RAM (RRAM), NAND memory, NOR memory, EEPROM, Ferroelectric Memory (FeRAM), or other discrete NVM chips.

FIG. 4 illustrates one example of how the two strings 130, 132 may be stored in a 512-byte block of memory block 400 that is accessible only via one or more vendor-specific commands. The strings may be provided in any appropriate format, such as a unique universal identifier (“UUID”) format. The associated driver software 113 may be encoded with information specifying the locations of these strings in the block, and may thus be able to extract these strings when the associated 512-byte block of data is read. To inhibit reverse engineering or other tampering, the locations of the strings may be varied from one subsystem 112 to the next. Although two strings are used in this embodiment, the identification information used to practice the invention may be stored in protected memory in any appropriate form. The block of protected memory may also be used to store various other types of information associated with other features.

The string or strings 130, 132 may be permanently encoded into the solid-state storage 118 during the manufacturing process of the solid-state memory subsystem 112. Alternatively, the string(s) may be encoded into the solid-state storage 118 after the subsystem 112 is manufactured, such as by using one or more special vendor specific commands.

The host system 110 exchanges control signals with the controller 114 to coordinate the reading and writing of data to and from the solid-state storage subsystem 112. The controller 114 handles the read and write operations by sending memory control signals to the solid-state storage 118. The host 110 may communicate with the subsystem 112 using commands selected from, for example, industry standard command sets such as those provided by ATA, CF card or PC Card standards. The subsystem 112 may, in some implementations, emulate a conventional hard disk drive, such as an ATA disk drive.

FIG. 5 illustrates one example of a command format 500 that may be used for the “read key” command. The read key command is a vendor specific command in the ATA command set and, as such, includes register fields to specify features, sector count, sector number, cylinder low, cylinder high, drive head, and command information. In this example, each register field includes eight bits (i.e., D0-D7) 501. An “X” indicates that the corresponding portion of the register field can have any value. The read key command 500 instructs the controller 114 to read the data block containing the data strings 130, 132 from the protected memory area of the solid-state storage subsystem 112, as described above. In other embodiments, other command numbers that are available in the vendor specific command range, such as in the ATA command set, may be used to implement the read key command.

In other embodiments, the disclosure may be applied to other systems, including mechanical media storage systems such as hard disk drives and hybrid hard drives. For example, the disclosure discussed herein could apply to a hard disk drive with a storage area that was not accessible by an industry standard command set, but that was accessible using a vendor-specific command. Similarly, the disclosure may also apply to a hybrid hard drive, which may have one or more solid-state storage subsystems (such as NAND Flash chips) combined with a traditional hard disk drive in a single form factor.

While certain embodiments of the inventions have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the inventions. Indeed, the novel methods and systems described herein may be embodied in a variety of other forms. Furthermore, various omissions, substitutions and changes in the form of the methods and systems described herein may be made without departing from the spirit of the inventions. The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of the inventions.

Claims

1. A system for restricting access to data stored in a memory array, the system comprising:

a storage subsystem comprising a controller and a non-volatile memory, the controller configured to communicate with a host system to verify the identity of the host system based on a unique identifier of the host system, and the non-volatile memory having stored therein: at least a portion of a software application; and at least one data string used to identify the storage subsystem, the at least one data string stored within a memory location that is separate from general readable/writeable memory and is not accessible via standard storage access commands; and
executable code adapted to run on the host system and configured to: provide the unique identifier of the host system to the storage subsystem for verifying the identity of the host system; access, via advanced technology attachment (ATA) vendor-specific commands, the at least one data string located on the storage subsystem to verify the identity of the storage subsystem; and cause the host system to execute the portion of the software application located on the storage subsystem after a one-to-one pairing is created between the host system and the storage subsystem, wherein the one-to-one pairing is created after (1) the storage subsystem has verified the identity of the host system based on the unique identifier of the host system and (2) the host system has verified the identity of the storage subsystem based on the at least one data string.

2. The system of claim 1, wherein the software application is an executable software application.

3. The system of claim 1, where at least two data strings are identified in response to receiving the ATA vendor-specific commands, and where a first data string is permanently written into the storage subsystem.

4. The system of claim 1, wherein the at least one data string indicates that the storage subsystem is associated with a first brand, and the executable code is further configured to:

determine, based on the at least one data string, whether the first brand is a certain brand; and
in response to determining that the first brand is the certain brand, cause the host system to execute the portion of the software application.

5. A system for restricting access to data stored in a memory array, the system comprising:

a processor; and
a memory configured to store executable code that, when executed, causes the processor to: provide a unique identifier of the system to a storage subsystem for verifying the identity of the system; access, via advanced technology attachment (ATA) vendor-specific commands, at least one data string located on the storage subsystem to verify the identity of the storage subsystem, wherein the at least one data string is stored in a memory location that is separate from general readable/writeable memory and not accessible via standard storage access commands; and initiate execution of at least a portion of a software application located on the storage subsystem after a one-to-one pairing is created between the system and the storage subsystem, wherein the one-to-one pairing is created after (1) the storage subsystem has verified the identity of the system based on the unique identifier of the system and (2) the system has verified the identity of the storage subsystem based on the at least one data string.

6. The system of claim 1, wherein the memory location for storing the at least one data string for each of a plurality of storage subsystems is of equal size.

7. The system of claim 1, wherein the non-volatile memory further includes data indicating vendor information of at least one of the storage subsystem and the software application.

8. The system of claim 1, wherein the unique identifier indicating the identity of the host system is regenerated after a period of time has passed.

Referenced Cited
U.S. Patent Documents
5058162 October 15, 1991 Santon et al.
5191611 March 2, 1993 Lang
5293610 March 8, 1994 Schwarz
5297283 March 22, 1994 Kelly, Jr. et al.
5375243 December 20, 1994 Parzych et al.
5418927 May 23, 1995 Chang et al.
5442704 August 15, 1995 Holtey
5469564 November 21, 1995 Junya
5512977 April 30, 1996 Imai
5530960 June 25, 1996 Parks et al.
5623637 April 22, 1997 Jones et al.
5805800 September 8, 1998 Kotani et al.
5892825 April 6, 1999 Mages et al.
6003117 December 14, 1999 Buer et al.
6006190 December 21, 1999 Baena-Arnaiz et al.
6038320 March 14, 2000 Miller
6061449 May 9, 2000 Candelore et al.
6061799 May 9, 2000 Eldridge et al.
6087955 July 11, 2000 Gray
6145028 November 7, 2000 Shank et al.
6190257 February 20, 2001 Takeda et al.
6260120 July 10, 2001 Blumenau et al.
6321314 November 20, 2001 Van Dyke
6523118 February 18, 2003 Buer
6633963 October 14, 2003 Ellison et al.
6735650 May 11, 2004 Rothberg
6738904 May 18, 2004 Linnartz et al.
6823398 November 23, 2004 Lee et al.
6845387 January 18, 2005 Prestas et al.
6880054 April 12, 2005 Cheng et al.
6895506 May 17, 2005 Abu-Husein
6961850 November 1, 2005 Stebbings
6968459 November 22, 2005 Morgan et al.
7039759 May 2, 2006 Cheng et al.
7043615 May 9, 2006 Kobayashi et al.
7043640 May 9, 2006 Pritchard et al.
7062398 June 13, 2006 Rothberg
7093139 August 15, 2006 Silverbrook et al.
7149854 December 12, 2006 Weber et al.
7215771 May 8, 2007 Hamlin
7330970 February 12, 2008 Field
7376898 May 20, 2008 Yehuda et al.
7434251 October 7, 2008 Ooi et al.
7447911 November 4, 2008 Chou et al.
7469338 December 23, 2008 Buer
7469345 December 23, 2008 Shimada et al.
7474750 January 6, 2009 Lekatsas et al.
7496763 February 24, 2009 Chiu et al.
7509441 March 24, 2009 Merry et al.
7607177 October 20, 2009 Estakhri et al.
7712131 May 4, 2010 Lethe
7743422 June 22, 2010 Narayanaswami et al.
7765373 July 27, 2010 Merry et al.
7912991 March 22, 2011 Merry et al.
7971071 June 28, 2011 Walkoe et al.
8108692 January 31, 2012 Merry et al.
8316400 November 20, 2012 Kravets
8356184 January 15, 2013 Meyer et al.
20020010827 January 24, 2002 Cheng
20020048369 April 25, 2002 Ginter et al.
20020107802 August 8, 2002 Phillips
20020141583 October 3, 2002 Barnard et al.
20020152377 October 17, 2002 Bauman et al.
20020166047 November 7, 2002 Kawamoto
20020166064 November 7, 2002 Harrison
20020174287 November 21, 2002 Cheng
20030009668 January 9, 2003 Chan et al.
20030053629 March 20, 2003 Knapen
20030126455 July 3, 2003 Sako et al.
20030145183 July 31, 2003 Muehring
20040025031 February 5, 2004 Ooi et al.
20040117309 June 17, 2004 Inoue et al.
20040117628 June 17, 2004 Colvin
20040170175 September 2, 2004 Frank et al.
20040174998 September 9, 2004 Youatt et al.
20040236918 November 25, 2004 Okaue et al.
20050005131 January 6, 2005 Yoshida et al.
20050005149 January 6, 2005 Hirota et al.
20050060481 March 17, 2005 Belonoznik
20050071656 March 31, 2005 Klein et al.
20050091509 April 28, 2005 Herberth
20050100163 May 12, 2005 Buer
20050125692 June 9, 2005 Cox et al.
20050185067 August 25, 2005 Estakhri et al.
20050210287 September 22, 2005 Paatero
20050240738 October 27, 2005 Shirogane et al.
20060031687 February 9, 2006 Su et al.
20060041934 February 23, 2006 Hetzler
20060059369 March 16, 2006 Fayad et al.
20060080526 April 13, 2006 Kasahara et al.
20060092049 May 4, 2006 Dellow
20060132822 June 22, 2006 Walmsley
20060139681 June 29, 2006 Walmsley
20060143454 June 29, 2006 Walmsley
20060174055 August 3, 2006 Flynn
20060174298 August 3, 2006 Chen et al.
20060177068 August 10, 2006 Hatakeyama
20060288235 December 21, 2006 Goto
20070038827 February 15, 2007 Inooka et al.
20070067647 March 22, 2007 Klein
20070083491 April 12, 2007 Walmsley et al.
20070130625 June 7, 2007 Lee
20070168676 July 19, 2007 Fayad et al.
20070172053 July 26, 2007 Poirier
20070180210 August 2, 2007 Thibadeau
20070186117 August 9, 2007 Klein et al.
20070192577 August 16, 2007 Kozuch et al.
20070192610 August 16, 2007 Chun et al.
20070223705 September 27, 2007 Kasahara et al.
20070260811 November 8, 2007 Merry et al.
20080109660 May 8, 2008 Mitra
20080114990 May 15, 2008 Hilbert et al.
20080155180 June 26, 2008 Shibata et al.
20080189500 August 7, 2008 Jennings et al.
20080189557 August 7, 2008 Pipitone et al.
20080256322 October 16, 2008 Chang et al.
20080320314 December 25, 2008 Eckleder et al.
20090006866 January 1, 2009 Chang
20090187898 July 23, 2009 Jayet et al.
20100205152 August 12, 2010 Ansari et al.
20110009107 January 13, 2011 Guba et al.
20110096930 April 28, 2011 Walmsley
20110143840 June 16, 2011 Sotoike et al.
20110161551 June 30, 2011 Khosravi et al.
Foreign Patent Documents
387599 September 1990 EP
1164588 December 2001 EP
1587095 October 2005 EP
2374718 October 2002 GB
Other references
  • Office Action dated Sep. 16, 2010 from U.S. Appl. No. 11/475,841, 22 pages.
  • Office Action dated Feb. 14, 2011 from U.S. Appl. No. 11/475,841, 23 pages.
  • Notice of Allowance dated Sep. 23, 2011 from U.S. Appl. No. 11/475,841, 9 pages.
  • Office Action dated Apr. 4, 2008 received in related U.S. Appl. No. 11/475,386 in 11 pages.
  • Office Action dated Aug. 20, 2008 received in related U.S. Appl. No. 11/475,386 in 13 pages.
  • Office Action dated Feb. 5, 2009 received in related U.S. Appl. No. 11/475,386 in 14 pages.
  • Office Action dated Oct. 2, 2009 received in related U.S. Appl. No. 11/475,386 in 15 pages.
  • Notice of Allowance dated Mar. 19, 2010 received in related U.S. Appl. No. 11/475,386 in 14 pages.
  • U.S. Appl. No. 13/330,450, filed Dec. 19, 2011, Danny O. Ybarra.
Patent History
Patent number: 9251381
Type: Grant
Filed: Dec 29, 2011
Date of Patent: Feb 2, 2016
Assignee: Western Digital Technologies, Inc. (Irvine, CA)
Inventors: David E. Merry (Irvine, CA), Mark Diggs (Laguna Hills, CA), Gary A. Drossel (Laguna Niguel, CA), Michael J. Hajeck (San Juan Capistrano, CA)
Primary Examiner: Gandhi Thirugnanam
Application Number: 13/339,812
Classifications
Current U.S. Class: Including Third Party For Collecting Or Distributing Payment (e.g., Clearinghouse) (705/53)
International Classification: G06F 11/30 (20060101); G06F 21/79 (20130101);